[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Pki-devel] Generating CSR in the Browser



How are people using the Certificates that they generate from the Browser? Say I use the code at

/ca/ee/ca/profileSelect?profileId=caUserCert

To generate a new Cert Signing Request, the key pair for that CSR is in my browsers NSS Database, but in order to even get to this point, I need to have a Certificate allowing me to talk to the server, so I am guessing I can't do this from the end users browser. I'm guessing the workflow goes something like this:

1. A new member of an organization needs a certificate, so they go to their supervisor
2.  Supervisor fills out the form above and submites the CSR.
3. Someone in higher echelons approves the request and generates the corresponding certificate
4.  The Supervisor then gets the certificate to the end user.


How does the private key get to the end users browser? Does it go by way of the CRM subsystem, and, if so, isn't there a chicken/egg problem in getting it?




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]